Metasploit 4.12.0 (Update 2016071801)

Document created by tdoan on Jul 19, 2016. Last modified by tdoan on Oct 7, 2016.
Version 3

Bugs Fixed

 

    • PR-7104 - ActiveRecord syntax fix for framework db credential iteration. This uses the new join syntax with the Metasploit database.
    • PR-7100 - This fixes an issue where the Burp importer dropped vulnerability information that had no reference, which would result in missing exploitation coverage and missing information in reporting.
    • PR-7089 - Corrected usage of Port and Regex datastore types. The nbns_response spoofer and HTTP cert scanner modules did not use the default types of their datastore options as expected, leading to backtraces or unexpected behavior.
    • PR-7087 - This patch fixes a migration problem in the Beholder plugin. It allows you to migrate when multiple users are logged in.
    • PR-6932 - This updates the SQL injection in joomla_contenthistory_sqli_rce to be more reliable. It also fixes some minor output inconsistencies in the module.
    • PR-6733 - This is a partial fix for psexec with 64-bit payloads. In some edge cases, the payload would fail to spawn. Mostly, though, this PR corrects a cargo-culted piece of code ('StackAdjustment' => -3500) that plagues our exploit modules.
    • Pro - MS-340 - During evidence collection, the Quick Pentest Wizard would fail and display a stack trace. This fix modifies the sleep time so that the stdapi has time to load and the Quick Pentest Wizard does not error out during the collection phase.
    • Pro - MS-1540 - If the Vulnerable Hosts report contained custom-created vulnerability references that do not use hyphens, an exception would occur during report generation. This fix adds better handling for vulnerability references that do not use hyphens.
    • Pro - MS-1663 - Social engineering campaigns no longer use cookies. The use of cookies caused targets to not be tracked accurately when they were used in multiple campaigns. Targets are now tracked properly across all campaigns. 
    • Pro - MS-1667 - Target lists no longer allow duplicate entries.

 

Features and Enhancements

 

    • PR-7068 - New POSIX Meterpreter (payload). This payload represents a new POSIX implementation of Meterpreter. We are in the process of adding more features to bring this Meterpreter up to parity with other Meterpreters.
    • PR-7064 - A feature of the WebNMS 5.2 system is that it stores credentials in an external-facing file, protected only by a reversible obfuscation technique. This module retrieves the credentials and de-obfuscates the password, providing the plaintext login credentials.
    • PR-6777 - The Xen 4.2.0 Denial of Service module exploits a memory corruption in Xen 4.2.0 that causes a denial of service in the hypervisor from a hosted VM, including dom0.

 

Exploits Added

 

 

Offline Update

 

To download the offline file for this update, go to http://updates.metasploit.com/packages/dd2747539cd9167fdc45397330a8320d72bd497c.bin.

 

Version Information

 

PRO 4.12.0 updates to 4.12.0-2016071801
